2011-08-08

SSL Everywhere for Safari

The EFF has published a Firefox extension to force HTTPS on as many websites as possible. This is a good idea(tm). But on OS X I use Safari, not Firefox. So I was wondering if there is a similar extension for Safari. It turns out there is. However, this extension is available in source only. The reason for this is given in a blog post by the developer. In short: The Safari extension API is limited, and the extension cannot guarantee that all your session cookies are transferred via HTTPS, making you vulnerable to stuff like Firesheep. And that is a bad thing(tm). But it is still useful, since it will redirect you to secure versions of the websites. One thing to note when following the build instructions: You need to enroll in the free Safari Dev program, and get a developer certificate. This is very well described over at Apple's developer center. After that, you can enable the developer menu in Safari's settings and just install the extension from the cloned git repository.